In order for the Department of Defense’s recently outlined cyber strategy to be successful, cyberwarriors must act outside U.S. networks, according to top DoD officials.

Over the past year, DoD and U.S. Cyber Command have frequently railed on the new approach to cyberspace termed persistent engagement and defending forward. The first part is best understood as constantly operating in cyberspace, while the latter can be defined as disrupting adversary actions as far from U.S. networks as possible.

This defending forward posture “is critical to increasing military readiness. We cannot be fully prepared to take effective action in a potential conflict unless we have already developed the tools, accesses and experience through our actions day to day,” Kenneth Rapuano, assistant secretary of defense for Homeland Defense and Global Security and principal cyber adviser, said during a March 13 House Armed Services Subcommittee hearing.

Persistent engagement has two foundational elements, Cyber Command chief Gen. Paul Nakasone told the committee.

First is enabling. By constantly engaging actors in cyberspace on a day-to-day basis, the command will be able to provide U.S. agencies and foreign partners with things such as indicators of compromise, meaning where flashpoints in networks might be.

One critical example was when, in the midterm election, Cyber Command, in partnership with the National Security Agency, provided insight into potential vulnerabilities to the FBI and the Department of Homeland Security.

Second is acting. Acting, Nakasone said, includes everything from understanding what adversaries are doing within their networks, providing early warning, and ensuring the United States understands the malware, infrastructure and other capabilities that an adversary might be using for an operation against America.

Nakasone also said that acting means sending teams forward. In November, during the midterm election cycle, Cyber Command for the first time sent defensive teams forward to three different European countries, he explained.

“That’s acting outside of our borders that impose costs against our adversaries,” he said.

Escalation?

Some inside and outside government have been worried this more active posture in cyberspace might provoke retaliation from adversaries and lead to unnecessary escalation of conflict.

“From a policy perspective and with respect to escalation dynamics, have we thought about potentially when and if this more forward and persistent posture could be interpreted as escalatory in nature by our adversaries and perhaps preemptively trigger escalation or retribution,” subcommittee ranking member Elise Stefanik, R-New York, asked Rapuano.

Rapuano acknowledged that escalation is always a concern with military operations. However, he noted that while each individual adversarial cyber action taken over the years has not amounted to a level necessary to respond with direct military action, in their totality, they have a strategic cumulative effect.

“If we ignore them, they will continue them and they will undermine our security in a strategic way,” he said, making the case for increased U.S. action in cyberspace.

Rapuano outlined a deliberate process for which operations are undertaken under new presidential and congressional authorities.

The current process is very risk based in terms of informing the risk benefit assessment associated with how DoD targets malevolent activities and how it achieves access, he said.

First, there is a presidential determination for certain types of operations. Then there is a coordination process for engaging the development of the operation’s concepts with agencies that will have equities involved. Finally, there is a deconfliction execution process to work out the varying equities that exist to include potential unintended escalation.

“We do have a very thoughtful process, but also a process designed to operate with the speed of relevance,” Rapuano said.